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Computer  security  can  be  used  as  a  vehicle 
to  achieve  accreditation  goals  for  computer 
science  and  engineering  programs,  while  at 
the  same  time  engaging  students  with 
relevant,  exciting  topics.  The  authors' 
approach,  based  on  educational  outcomes, 


illustrates  that  security  topics  can 
contribute  to  an  engineering  program  by 
fostering  all  skills  required  to  produce 
graduates  capable  of  critical  thinking. 


he  number  of  skilled  practitioners  of  computer  secu¬ 
rity  who  areableto  address  the  complexities  of  mod¬ 
ern  technology  and  are  familiar  with  successful 
approaches  to  system  security  is  very  small.  People 
want  security  but  arefaced  with  two  difficulties.  First, 
they  do  not  know  how  to  achieve  it  in  the  context  of 
their  enterprises.  They  may  not  even  know  of  a  way 
to  translate  organizational  procedures  into  policies, 
much  less  implement  a  set  of  mechanisms  to  enforce 
those  policies.  Second,  they  have  no  way  of  knowing 
whether  their  chosen  mechanisms  are  effective. 

The  recent  US  Presidential  Commission  on  Critical 
I  nfrastructure  Protection  recommends  developing  edu¬ 
cation  on  methods  of  "reducing  vulnerabilities  and 
respondingto  attacks  on  critical  infrastructures.”  The 
commission  recognizes  the  need  to  makethe”  required 
skill  set  much  broader  and  deeper  in  educational  level 
[for]  computer  scientists,  network  engineers,  elec¬ 
tronics  engineers,  [and]  business  process  engineers.”1 


Broadly  speaking,  the  engineering  discipline  is  fun¬ 
damentally  designed  to  assure  results  using  techniques 
based  on  scientific  principles.  In  terms  of  information 
assurance  and  security,  the  goal  of  engineering  is  to 
build  secure  systems  from  the  outset  rather  than  to  dis¬ 
cover  that  what  we  have  built  is  inadequate.  By  mov¬ 
ing  to  an  educational  system  that  cultivates  an 
appropriate  knowledgeof  security,  wecan  increase  the 
likelihood  that  our  next  generation  of  IT  workers  will 
have  the  background  needed  to  design  and  develop  sys¬ 
tems  that  are  engineered  to  be  reliable  and  secure. 

WHAT  IS  COM  PUTER  SECURITY? 

Thefield  of  computer  security  focuses  on  designing 
systems  that  can  enforce  security  policies  even  in  the 
presence  of  malicious  code.  0  ne  of  the  great  difficul¬ 
ties  of  security  engineering  is  that  subverted  systems 
may  appear  to  behave  normally  and  a  lack  of  security 
may  not  be  evident.  Systems  must  be  engineered  to  be 
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secure  as  part  of  their  conception,  design,  and  imple¬ 
mentation. 

Thechallengeisto  design,  develop,  and  deploy  com¬ 
plex  systems  with  confidence  in  their  ability  to  satisfy 
security  requirements.  A  theory  of  computer  security 
has  emerged  that  offers  a  formal  method  for  security 
engineering.2  This  theory  has  three  components:  pol¬ 
icy,  mechanism,  and  assurance.  Charles  Pfleeger  and 
Deborah  Cooper3  expand  on  these  components  by  list¬ 
ing  broad  classifications  of  security  concepts: 

•  Policy.  Understanding  the  threats  from  which 
information  needsto  beprotected  to  ensurecon- 
fidentiality,  integrity,  and  availability. 

•  Privilege.  Creating  mechanisms  to  distinguish 
and  control  theability  of  active  system  entities  to 
access  and  affect  system  resources. 

•  Identification  and  authorization.  Associating  the 
activities  of  the  executing  computer  with  indi¬ 
vidual  userswho  may  beheld  accountableforthe 
activities  undertaken  on  their  behalf. 

•  Correctness.  Providingassurancethatthehardware, 
software,  and  systems  for  security  policy  enforce¬ 
ment  are  not  susceptibleto  tampering  or  bypass. 

•  Audit.  Creating  traces  and  theability  to  interpret 
them. 

Theimplication  hereisthatto  achievea  coherent  secu¬ 
rity  architecture,  security  must  be  considered  from  the 
outset— not  as  an  afterthought.  Also,  competence  in 
design  for  security  policy  enforcement,  testing  for 
security,  and  assessment  of  security  must  be  part  of 
theeducation  of  system  implementers. 

COMPUTER  SECURITY  IN  EDUCATION 

Two  important  criteria  for  selecting  outcomes  for 
information  security  education  are  as  follows: 

•  Theeducation  must  result  in  graduates  prepared 
for  the  security  challenges  they  will  encounter  in 
their  professional  roles. 

•  The  specific  educational  outcomesfor  security  in 
a  given  educational  program  must  be  consistent 
with  those  of  the  larger  engineering  context. 

It  is  unreasonable,  however,  to  suggest  that  everybody 
should  know  everything  about  security.  Instead,  we 
propose  matching  appropriate  knowledge  and  skills 
with  typical  roles  in  the  information  society.  Cynthia 
I  rvine  identifies  ten  such  roles,4  including  softwareand 
hardware  developers,  system  architects,  system  certi¬ 
fiers,  CERT  members,  and  security  researchers. 

In  the  skill  set  specified  for  engineering  programs 
by  the  Accreditation  Board  for  Engineering  and 
Technology,  engineering  programs  must  demonstrate 
that  their  graduates  have: 


1.  An  ability  to  apply  knowledge  of  math,  science, 
and  engineering. 

2.  An  ability  to  design  and  conduct  experiments,  as 
well  as  to  analyze  and  interpret  data. 

3.  An  ability  to  design  a  system,  component,  or 
process  to  meet  desired  needs. 

4.  An  ability  to  function  on  multidisciplinary  teams. 

5.  An  ability  to  identify,  formulate,  and  solve  engi¬ 
neering  problems. 

6.  An  understanding  of  professional  and  ethical 
responsibility. 

7.  An  ability  to  communicate  effectively. 

8.  The  broad  education  necessary  to  understand  the 
impact  of  engineering  solutions  in  a  global  and 
societal  context. 

9.  A  recognition  of  the  need  for— and  an  ability  to 
engage  in—  lifelong  learning. 

10.  A  knowledge  of  contemporary  issues. 

11.  An  ability  to  use  the  techniques,  skills,  and  mod¬ 
ern  engineering  tools  necessary  for  engineering 
practice. 

To  understand  how  security  topics  could  be  used  to 
distinguish  a  computer  science  or  computer  engineer¬ 
ing  curriculum  and  to  achieveABET  Criterion  3  goals, 
we  decided  to  focus  on  a  set  of  high-level  educational 
objectives  as  the  basis  of  a  security-enhanced  curricu- 
lum  that  would  prepare  students  for  the  five  roles 
listed  above. 


A  major  goal  in  com¬ 
puter  engineering  and 
computer  science  is  to 
construct  computer  sys¬ 
tems  or  processes  that 
meet  a  desired  end  or 
requirement.  To  do  so, 
students  must  learn  how 
to  express  overall  sys¬ 
tem  objectives. 

A  general  goal  of  secu¬ 
rity  is  to  develop  com¬ 
puting  systems  that  can  ensure  security  policy 
enforcement  in  the  presence  of  malicious  software  and 
abusive  user  behavior.  This  particular  security  goal  may 
encompass  policy  objectives  for  information  confiden¬ 
tiality,  integrity,  or  availability.  In  addition,  the  system 
must  providea  mechanism  to  hold  its  users  accountable 
for  their  actions  through  identification,  authentication, 
and  audit.  Users  must  have  confidence  that  their  infor¬ 
mation  will,  in  fact,  beprotected  within  the  system. 

By  understanding  objectives,  students  will  havethe 
ability  to  state  a  requirement's  purpose,  significance, 
and  achievability  and  to  determinetheconsistency  of 
requirements  and  purposes. 
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Defining  problems 

Thefundamental  char¬ 
acteristic  of  engineer¬ 
ing  is  the  ability  to 
answer  the  question, 
“Does  this  structure  of 
components  have  the 
properties  required  for 
the  purpose  for  which 
they  are  designed?" 
Engineers  ask  this 
question  at  all  levels  of 
design,  from  the  level 
of  transistors  to  the  systems  themselves. 

We  can  define  security  requirements  as  the  prop¬ 
erties  of  a  system  that  must  hold  during  system  oper¬ 
ation.  The  question  at  each  level  of  design  becomes, 
"Does  this  structure  of  components  map  to  a  secu¬ 
rity  mechanism  about  which  wecan  have  confidence 
even  in  thepresenceof  maliciouscode?"  Usingformal 
security  policy  models  and  specifications  to  provide 
a  chain  of  evidence  that  the  implementation  corre¬ 
sponds  to  policy  can  demonstrate  the  feasibility  of  an 
actual  implementation. 

The  formulation  of  appropriate  questions  and 
problems  to  be  solved  in  thecontext  of  thediscipline 
yields  theability  to  formulate  questions  of  significance 
relative  to  the  overall  purpose;  to  state  the  problem 
to  be  solved  and  how  it  can  be  decomposed;  and  to 
determine  the  feasibility  of  the  problem's  solution. 

Understanding  context 

Concerns  at  the  archi¬ 
tectural  level  require 
describing  a  combina¬ 
tion  of  computer  and 
network  security  mech¬ 
anisms  to  ensure  a 
coherent  system  for  pol¬ 
icy  enforcement.  The 
software  developer  must 
be  concerned  with  the 
useof  hardware  mecha¬ 
nisms  to  support  these  security  objectives.  The  hard¬ 
ware  designer,  meanwhile,  must  attempt  to  construct 
devices  that  support  protection  objectives  while  keep¬ 
ing  in  mind  a  widevariety  of  software  implementations. 

An  appreciation  of  the  contexts  brought  to  bear 
upon  a  problem  through  various  roles  permits  students 
to  internalize  the  ability  to  design  and  analyze  solu¬ 
tions  to  meet  requirements  and  specifications  at  mul- 
tiple  levels  of  abstraction  and  from  several  viewpoints; 
to  understand  the  impact  actions  on  one  level  or  in  one 
viewpoint  have  on  other  levels  or  viewpoints;  and  to 
trade  off  several  requirements  from  different  view¬ 
points  in  order  to  achieve  the  maximum  benefit. 


Engineers  often  obtain 
empirical  results  at  the 
lab  bench  by  building 
prototypes  and  measur¬ 
ing  their  performance. 
These  methods  are  also 
applicable  to  security. 
Functional  interface  test¬ 
ing,  internal  engineering 
tests  of  selected  subsys¬ 
tems,  system  generation 
and  recovery  tests,  and  unit  and  moduletesting  areall 
parts  of  the  development  process  for  a  secure  system. 

In  the  lab,  prototype  systems  can  be  built  and  exam¬ 
ined  for  security  flaws.  Performance  issues  may  also 
be  examined  by  balancing  expected  decreases  in  vul¬ 
nerability  against  user  convenience  and  system  effi¬ 
ciency.  Techniques  for  assessing  system  vulnerability 
can  be  used  to  examine  real  systemsfor  genuineflaws. 

Theeducational  outcomefor  cultivating  a  focus  on 
empirical  reasoning  skills  includes  the  ability  to  con¬ 
struct  experiments  or  prototypes  to  demonstrate  some 
purposeorfacilitatesome meaningful  exploration  and 
theability  to  observe,  collect,  analyze,  and  interpret 
data  from  experiments. 


Thefundamental  theo¬ 
ries  and  the  reasoning 
techniques  that  allow 
those  theories  to  be 
expressed  define  a  dis¬ 
cipline.  In  computer 
science  and  engineer¬ 
ing,  the  fundamental 
theoretical  concepts 
are  based  on  mathe¬ 
matics,  logic,  and 
physics.  These  theoretical  concepts  form  the  princi¬ 
ples  of  construction  and  analysis.  In  electrical  and 
computer  engineering,  linear  systems  theory  is  based 
on  sinusoidal  signal  composition  and  on  superposi¬ 
tion,  which  gives  rise  to  theclassical  treatments  of  net¬ 
works,  controls,  and  communications  theory. 

Theconstruction  of  computer  hardware— and  to  a 
lesser  extent  software— is  based  on  logic,  predicate 
calculus,  discrete  math,  and  finite-state  machine  the¬ 
ory.  In  addition  to  applying  standard  mathematical 
foundations  to  constructing  hardware  and  software, 
security  includes  theoretical  concepts  to  support  the 
development  and  use  of  cryptography  and  crypto¬ 
graphic  functions,  protocols,  policy  models,  specifi¬ 
cations,  and  the  use  of  formal  methods  for  verification 
and  covert  channel  analysis.  The  means  for  analysis 
is  based  on  discrete  math,  information  theory,  and 
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mathematical  logic  such  as  standard  predicate  calcu¬ 
lus,  modal  logic,  and  specialized  belief  logics. 

Theeducational  outcomes  achieved  through  a  study 
of  reasoning  tools  and  theoretical  results  include  a  clear 
understanding  of  the  mathematical,  logical,  and  phys¬ 
ical  concepts  that  form  the  analytical  basisand  princi¬ 
ples  of  construction.  They  also  include  the  ability  to 
apply  analytical  concepts  and  principles  of  construc¬ 
tion  to  the  analysis  and  construction  of  real  systems. 


previous  elements  of  A BET's  Criterion  3.  Correctly 
balancing  consequences  is  sometimes  called  business 
sense,  which  successful  system  architects  and  design¬ 
ers  find  to  debased  on  experience,  empirical  reason¬ 
ing,  and  conceptual  reasoning  coupled  with  a  deep 
understanding  of  intended  purposes  or  goals. 

Determining  the  ethical  consequences  of  computer 
use  is  complex  but  may  be  based  on  the  following 
threeABET  Engineering  2000  Criteria: 


Identifying  assumptions 

Security  is  never  the  princi¬ 
pal  objective  of  a  system. 
Systems  are  designed  to 
provide  services.  In  this 
sense,  security  engineering 
must  always  take  place 
within  the  context  of  the 
overall  system  objectives. 
Each  engineering  discipline 
makes  assumptions  regard¬ 
ing  the  various  objectives  of 
the  components,  services,  and  properties  available  at 
each  level  of  design.  In  fact,  design  levels  and  levels  of 
abstraction  are  defined  by  these  assumptions  as  well 
as  by  the  particular  rules  of  composition  used  for  cre¬ 
ating  structures  of  components. 

For  example,  designers  of  authentication  protocols 
assume  the  presence  of  encryption  functions  of  suit¬ 
able  strength.  Designers  of  software  assume  the  cor¬ 
rectness  of  the  hardware  platform  supporting  the 
instruction-set  architecture.  Secure  system  designers 
may  assume  that  the  system  security  administrator  is 
trustworthy  and  that  thecompiler— placed  under  con¬ 
figuration  management— does  not  contain  artifices  to 
create  trapdoors. 

It  is  essential  that  the  consistency  between  the 
assumptions  of  security  engineers  and  other  engi¬ 
neering  concerns  be  checked.  M  ismatches  in  design 
I  evel  s,  f  r  a  m  es  of  r  ef  er  en  ce,  o  r  a  p  p  I  i  ca  t  i  o  n  s  ca  u  se  i  n  co  n  - 
sistent  assumptions.  By  learning  to  comparediffering 
assumption  sets,  students  can  increase  their  ability  to 
state,  justify,  and  check  the  consistency  of  their  design 
assumptions. 

Identifying  implications  and  consequences 

In  all  engineering  pro¬ 
cesses,  the  implications  of 
design  decisions  and  sys¬ 
tem  behaviors  affect  risk 
analysis,  cost,  ease  of  man¬ 
ufacture,  ease  of  mainte¬ 
nance,  reliability,  and 
ethics.  Determining  impli¬ 
cations  and  consequences 
means  relying  on  all  the 


•  an  understanding  of  professional  and  ethical 
responsibility; 

•  the  broad  education  necessary  to  understand  the 
impact  of  engineering  solutions  in  a  global  and 
societal  context;  and 

•  a  knowledge  of  contemporary  issues. 

By  cultivating  an  understanding  of  consequences  and 
implications,  students  can  anticipate  and  articulate 
positive  and  negative  con  sequences,  and  can  more  eas¬ 
ily  judge  their  likelihood. 


The  ability  to  draw  infer¬ 
ences  from  a  great  amount 
of  information  is  a  skill 
that  must  be  refined 
through  years  of  practice. 
While  at  school,  students 
should  be  encouraged  to 
attempt  inferences.  And  in 
terms  of  learning  about 
security,  students  should  be 
introduced  to  inference 
techniques  by  being  asked 
to  draw  conclusions  about  systems  security. 

For  example,  security  engineers  make  inferences  in 
the  areas  of  fail-secure  and  secure-system  recovery; 
systematic  penetration  testing;  and  detection  of  evi¬ 
denceproving  abusive  behavior  based  on  profiling  and 
audit  data.  These  concerns  are  common  to  both  secu¬ 
rity  and  engineering. 

By  focusing  on  inference  techniques,  students  can 
cultivate  an  ability  to  draw  correct  inferences  based 
on  principles,  observations,  concepts,  and  data;  to  jus¬ 
tify  conclusions;  and  to  draw  conclusionsthatarerel- 
evant  and  consistent. 

I NTEGRATI NG  SECURITY  I NTO  THE  CURRI CULUM 

Security  insights  must  be  integrated  within  the  exist- 
ing  information  systems  programs,  rather  than  be 
treated  separately.  The  technical  aspects  of  security 
are  closely  related  to  computer  science  and  engineer¬ 
ing.  And  many  of  the  goals,  concepts,  and  reasoning 
techniquesare similar  too.  Thus,  two  approachesare 
possible: 
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•  Computer  security  could  be  the  focus  of  the  cur¬ 
riculum,  which  would  investigate thefoundations 
and  technical  approaches  to  security  in  consid¬ 
erable  depth. 

•  A  computer  scienceor  computer  engineering  cur¬ 
riculum  could  choose  to  use  computer  security  as 
an  important  property  to  be  addressed  in  all 
coursework. 

Greg  White  and  Greg  Nordstrom5  have  already 
demonstrated  the  feasibility  of  successfully  integrat¬ 
ing  security  concerns  into  traditional  courses.  This 
approach  has  the  advantage  of  viewing  security  as  an 
integral  part  of  computer  engineering  and  science. 

Topics  appropriate  to  a  security-oriented  curricu¬ 
lum  include  security  policy  models;  formal  methods 
applied  to  system  specification,  development,  and 
analysis;  hardware  and  software  protection  mecha¬ 
nisms;  securesystem  design,  implementation,  and  test¬ 
ing;  database  security;  modern  cryptography; 
cryptographic  protocols;  key  management  and  key 
distribution;  auditing;  identification  and  authentica¬ 
tion;  and  coherent  network  security  architectures.6-7 

Ideally,  computer  science  and  computer  engineer¬ 
ing  texts,  course  materials,  and  laboratory  exercises 
would  have  computer  security  completely  integrated 
into  appropriate  topics.  Unfortunately,  such  materi¬ 
als  do  not  yet  exist.  In  the  interim,  however,  security- 
related  supplements  can  be  used. 

AN  EXAM PLE  OF  INTEGRATION 

In  a  curriculum  that  places  considerable  emphasis 
on  visual  simulation,  for  example,  the  possibility  of 
including  security  topics  may  seem  rather  far-fetched. 
Even  so,  security  requirements  rest  at  the  heart  of 
every  system,  and  visual  simulation  systems  are  no 
exception.  They  will  depend  upon  thesecurity  of  OSs, 
databases,  and  networks  to  operate  properly.  Core 
requirements  in  the  visual  simulation  curriculum 
might  includestochastic  modeling,  system  simulation, 
physically  based  modeling,  and  image  synthesis. 
Students  could  be  required  to  take  courses  in  other 
basic  topics,  such  as  networking,  OSs,  programming 
languages,  and  software  engineering.  M  oreadvanced 
topics  might  include  the  use  of  networking  for  virtual 
environments  and  systemsfor  creating  virtual  worlds. 

Examples,  exercises,  and  special  topics  could  be 
used  to  add  security  concepts  to  both  introductory 
and  advanced  courses.  For  instance,  in  beginning  pro¬ 
gramming  courses,  students  might  be  given  an  exercise 
to  enter  information  into  certificates  or  to  check  pass¬ 
words.  As  part  of  a  course  in  discrete  mathematics, 
students  could  discuss theuseof  Boolean  arithmetic  in 
cryptography.  A  presentation  on  lattices  could  be 
enlivened  by  showing  how  they  can  be  used  for  for¬ 
mally  expressing  mandatory  security  policies.  Soft¬ 


wareengineering  students  could  takeadvantage 
of  existing  cryptographic  libraries  while  build¬ 
ing  a  larger  system. 

W  hile  learning  the  basics  of  computer  archi¬ 
tecture,  students  could  honetheir  assembly  lan¬ 
guage  skills  by  experimenting  with  the 
privileged  instructions  essential  to  building  pro¬ 
tection  mechanisms.  In  networking,  they  could 
examine  not  only  traditional  communications 
protocols  but  also  algorithmsand  protocolsfor 
secure  communications.  Through  experiments 
in  system  configuration  and  management,  stu¬ 
dents  could  learn  thevalueof  well-defined  procedures 
to  mai  ntai  n  the  security  of  systems  once  they  are  oper¬ 
ational.  Thenotion  of  certified  codefor  upgradesand 
patches  could  i  1 1 u str ate  co n cepts  i  n  authentication  and 
distribution  of  software  for  critical  systems. 

M  oreadvanced  courses  could  ask  students  to  con¬ 
sider  security  when  designing  software  and  networks 
to  support  distributed  simulations.  Here,  systems 
issues  relating  to  the  protection  of  databases  and  algo¬ 
rithms  essential  to  creating  a  secure  network  could  be 
addressed.  Students  could  be  asked  questions  such  as, 
“Where  are  the  cryptographic  keys  stored  and  why 
do  you  believe  they  are  protected?”  and  “How  will 
company-proprietary  information  be  separated  from 
public  information  and  how  will  it  be  protected?"  By 
asking  tough  questions  such  as  these,  students  will 
appreciate  the  fact  that  security  must  be  an  integral 
part  of  system  design. 

Wl  LL  GRADUATES  BE  QUALI  FI  ED? 

H  ow  adequate  is  our  plan?  To  answer  this  ques¬ 
tion,  we  compare  our  educational  objectives  with 
remarks  made  by  employers  in  the  computer  security 
field  at  the  1996  IEEE  CSSymposium  on  Security  and 
Privacy,8  the  1997  ACM  Workshop  on  Education  in 
Computer  Security  (WECS  97), 9  and  the  1997 
National  Colloquium  for  Information  Systems 
Security  Education.10 

A II  w ho  made  remarks  specified  that  security  is  not 
an  isolated  discipline  but  rather  is  part  of  the  larger 
context  of  engineering  and  computer  science.  Some 
indicated  that  ethics  should  be  part  of  security  edu¬ 
cation.  T  he  study  of  ethics  is  already  part  of  an  engi¬ 
neering  education  and  falls  into  the  major  objective 
of  implications  and  consequences.  WECS  97  atten¬ 
dees  concluded  that  information  responsibility  should 
be  taught  well  before  students  enter  institutions  of 
higher  education. 

Several  of  the  participants  suggested  that  opera¬ 
tional  expertise beapplicableto  industry— an  idea  that 
is  covered  by  several  elements  of  our  approach.  M  any 
expressed  specific  concerns  over  linking  security  to 
several  engineering  activities  spanning  requirements, 
specification,  design,  implementation,  testing,  and  val- 
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idation.  And  there  were  requests  that  theory  inform 
practice  and  practice  inform  theory. 

H  ow  well  does  the  proposed  framework  meet  the 
accreditation  requirements  for  engineering?  The 
accreditation  criteria  for  electrical  and  computer  engi- 
neering  programs  proposed  by  the  IEEE  refer  to 
A BET's  Criterion  3  listed  before.  Programs  must 
demonstrate  that  graduates  can 

•  achieve theoutcomes listed  in  Criterion  3  in  three 
or  more  areas  of  electrical  and/or  computer  engi¬ 
neering; 

•  havetheability  to  apply  themath  and  sciencenec- 
essary  to  analyze  and  design  complex  devicesand 
systems  containing  hardware  and  software;  and 

•  have  knowledge  of  discrete  mathematics. 

There  are  broad  similarities  between  the  educational 
outcomes  we  expect  to  emerge  from  our  approach  and 
A  BET's  Criterion  3.  Thus,  including  computer  and 
network  security  topics  within  a  computer  science  or 
engineering  curriculum  will  providetwo  benefits.  First, 
thetopicswill  contributeto  theeducational  outcomes 
required  for  ABET  accreditation.  Second,  integrating 
thetopics  into  a  computer  scienceor  engineering  cur¬ 
riculum  will  add  a  highly  relevant  dimension  to  the 
program—  a  feature  prized  by  prospective  employers. 

The  increasing  use,  reliance  upon,  and  vulnera¬ 
bility  of  current  large-scale  information  sys¬ 
tems  demands  that  more  resilient,  reliable,  and 
secure  systems  be  built  and  deployed.  But  too  few 
computer  science  and  engineering  programs  today 
pay  adequate  attention  to  security,  even  though  secu¬ 
rity  concepts  are  fundamental  and  apply  to  all  levels 
of  system  and  application  design. 

It  is  reasonable  to  ask  that  technically  meaningful 
ways  be  sought  to  integrate  security  into  the  engi¬ 
neering  and  computer  science  curricula  charged  with 
the  education  of  the  majority  of  system  designers  and 
implementers.  An  approach  based  on  educational  out¬ 
comes  illustrates  that  security  topics  can  contributeto 
an  engineering  program  by  fostering  all  skills  required 
to  produce  graduates  capable  of  critical  thinking.  ❖ 
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